So far, the cybersecurity war has been a lopsided rout. And it’s the bad guys who are on an epic winning streak.

They’ve hacked into retailers, looting credit card information from Target and Home Depot, and stolen sensitive patient data from major health insurers. They’ve hit Hollywood, the media, the Pentagon. And in one of the largest attacks against the federal government, they recently rooted around in the databases of the Office of Personnel Management.

But now the audacious Pentagon research agency that invented the Internet is trying to figure out how to protect it.

The agency’s conclusion: We’re doing cybersecurity all wrong.

Today, most network protective systems are like fire alarms; they sound when there’s smoke, and then the firefighters arrive to extinguish the flames. But the Defense Advanced Research Projects Agency, dubbed the “Department of Mad Scientists,” envisions a massive, automated computer system that not only detects the smoke, but prevents the fire from happening in the first place — or snuffs it out almost immediately. , , , , , , , ,

To build a fully automated, computer-driven system that would find bugs in software and patch them on its own, DARPA has invited teams from all over the country to compete in a major cyberbattle it calls the Grand Cyber Challenge, with a $2 million first prize.

The goal is to level a playing field that today is wildly in favor of hackers, (said Michael Walker, a DARPA program manager). If a computer system could be envisioned as being 1 million miles long, he said, hackers only have to find a single crack, while “the defense has to guard the entire wall.”

Only a computer system is capable of the immense task of finding every crack and patching them before they can be exploited, he said . . . . . .

DARPA initially started with more than 100 teams when it began the program a year ago, but the field was quickly whittled down. On Wednesday, it announced the seven finalists chosen to compete in the competition next year. They are an eclectic band of cyberwarriors, ranging from academics representing major university computer science programs to well-known hackers and defense industry heavyweights.. . . . .

But just as it took years for IBM’s Watson and Deep Blue to take on the world’s best in Jeopardy and chess, it will be a while before a computer is ready to play cyberdefense on its own against the best hackers in the world at “capture the flag” contests at places such as the DefCon Conference.

And it may be impossible to build a system that can’t ever be hacked.

The competition, though, is an important step in that direction, Walker said.